Social Engineering – the Exploit that Predates Computers

At Cisco we understand that the field of IT has grown considerably over the past few years, reaching the point where even professionals in the industry can have a hard time keeping up with everything that is happening in all areas. With groups like Anonymous and LulzSec taking down some pretty big names, it is clear that there is a need for greater awareness of security and some of the issues that make security an interesting but ongoing challenge.

We have recruited Scott Olechowski and Patrick Peterson (read about Peterson’s epic battle against spam in Forbes) to make a series of videos, each of which will present a single issue in a bite-sized nugget that will hopefully be both informative and interesting. We have written and filmed these videos such that a fairly wide audience, from IT generalists to clueful laypersons, would likely understand and get something from them. We realize that communicating with users about security, or just about any IT-related issue, for that matter, can be challenging at best. We hope that these videos will be shared with users and help communicate the importance of security.

Social Engineering is the practice of using guile, deception and misdirection to cause a victim to take action to help facilitate or enable an exploit, and is thus the only hacking technique that predates information technology. It is also one of the biggest threats we face in the industry today. Indeed, the 2010 Cisco Annual Security Report covered social engineering and the role it played in Zeus, Koobface and the Cutwail botnet.

Here’s the video, the first in the SecureX Files series. We hope you enjoy it and share it with others, but don’t forget to come back soon, as we will be releasing additional videos over the next several weeks. Stay tuned!

3 Comments.

Great article. In my experience as a developer, web security is a bigger deal than people are treating it, especially when it comes to their own websites. Most figure they won't have security issues because they are too small, and assume that once they are big they will have the funds to improve their security. However, security should be addressed before beginning any development cycle, not after the fact, or you risk everything.

In reference to social engineering, the following link is a cool tool http://www.quickinfluence.com for influential social engineering.
